​The necessity of organizational buy-in

In preparing to enter the business continuity industry, I could foresee that technological advances and organizational buy-in were going to be the greatest challenges for business continuity professionals. I interviewed at dozens of organizations across the United States before accepting a Business Continuity and Information Security position at one of the leading financial institutions.

I still firmly believe that organizational buy-in is paramount to a business continuity programme’s success. Lacking robust continuity plans will cause an organization to have difficulty recovering from an incident - if they can recover at all. By investing in business continuity professionals and programmes, an organization is providing the opportunity for thorough plans and recovery tactics. I have found that in my division, business continuity is heartily supported by senior management and that is essential to our success.

As a continuity planner, my job entails working with business areas to ensure they are meeting the continuity standards and requirements. Having a capable business continuity programme allows the business areas to understand and comply with the resiliency requirements. The business areas we support hold greater stock in our testing and resiliency requests knowing that senior management is backing our initiatives.

In my capacity working with both Business Continuity and Information Security I maintain that technological advances pose challenges for continuity professionals, though I concede that my views have changed based on my experience. While social media, the cloud, and virtualization are still very prominent challenges for organizations, I believe that automation of processes and appropriate and ethical use of access is of greater concern. Automated processes remove human error, though if systems are down, the business would need this issue resolved within their Recovery Time Objectives. Having manual workarounds in place to guarantee that recovery will be successful is imperative to ensure critical tasks are completed. Ethical and appropriate use of access can result in fines, legal issues, and public embarrassment. Ensuring that users are neither sharing passwords nor over-provisioning their access mitigates these risks.

While organizational buy-in is still a challenge for business continuity professionals, I am fortunate to be working in a division that has recognized the importance of this field, and encourages growth and understanding from its businesses. Our CEO has emphasized the importance of identifying and mitigating risk and as such seeks to limit human error and strictly control access. Interviewing at so many organizations throughout the country allowed me to see the varying emphasis companies place on business continuity programmes. As such, business continuity professionals may still need to fight for their place in an organization, though I hope that companies who are not fully invested in business continuity programmes are able to see the benefits of those who are leading their industries.

Tanya Fischer AMBCI currently holds a position as a Continuity Analyst at a financial institution in Eastern Massachusetts. As a Continuity Analyst, Tanya supports business continuity plans for numerous Business Units throughout North America and EMEA. Still fairly new to the field, she has an optimistic outlook for business continuity professionals! Tanya holds an MSc in Emergency Management with a concentration in Homeland Security from Adelphi University. Tanya was also an original contributor to the Business Continuity Institute's '20 in their 20s' publication.